Lucene search
K

6 matches found

Snyk
Snyk
added 2026/04/15 7:19 p.m.7 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to an inverted time comparison in the OIDC JWKS and token cache processes. An attacker can cause expired tokens to be reused or force repeated network requests to the OIDC provider by...

6.3CVSS5.8AI score0.00291EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/28 1:59 a.m.3 views

Weak Password Recovery Mechanism for Forgotten Password

Overview Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the ResetPassword function and the background token cleanup process. An attacker can gain persistent unauthorized access to user accounts by reusing intercepted password reset...

9.8CVSS6AI score0.00673EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 4:16 p.m.6 views

CVE-2026-2359

Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service DoS by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to...

7.5CVSS5.9AI score0.00663EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/27 3:42 p.m.8 views

CVE-2026-2359 Multer vulnerable to Denial of Service via resource exhaustion

Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service DoS by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to...

8.7CVSS5.9AI score0.00663EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/27 3:42 p.m.22 views

CVE-2026-2359 Multer vulnerable to Denial of Service via resource exhaustion

Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service DoS by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to...

8.7CVSS0.00663EPSS
Exploits0References4
Snyk
Snyk
added 2025/09/17 7:21 p.m.1 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

9.1CVSS6.8AI score0.00361EPSS
Exploits0References2
Rows per page
Query Builder